Analysis Date2015-05-29 02:04:54
MD534ab5570af4677bdd9865b687f0a2ea9
SHA1c6226a67e3054426807d0b83839651f6e14a02de

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 13d7c2c4e0e63f42ee64711dc23adbe9 sha1: 0e108652513d5990facaf7c8cee600662007e28d size: 195584
Section.rdata md5: 09873a26e47b557b076249599d4789c3 sha1: c9b29049ebee5e380299539727502c7647ea8a7b size: 51712
Section.data md5: 04efa73241a716f78d7ad0628b144825 sha1: 15469228b92c66609c3c08f01cacc055ba912e10 size: 7168
Section.reloc md5: 18f537274ebd3b8ee7061da665aa913f sha1: 78aa18d774503fe38329f262ce2cd17428ff85f6 size: 13824
Timestamp2015-04-29 18:42:25
PackerMicrosoft Visual C++ 8
PEhash3738ebf2ec552646a550e87da3d0083fc96b5e8b
IMPhashdffe8c3c383437979a08db783b237d50

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\lzjjaxabgoq\mfle1lqzsvwedzvavle.exe
Creates FileC:\lzjjaxabgoq\d6vtfz
Creates FileC:\WINDOWS\lzjjaxabgoq\d6vtfz
Deletes FileC:\WINDOWS\lzjjaxabgoq\d6vtfz
Creates ProcessC:\lzjjaxabgoq\mfle1lqzsvwedzvavle.exe

Process
↳ C:\lzjjaxabgoq\mfle1lqzsvwedzvavle.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NetBIOS Redirector Identity Spooler ➝
C:\lzjjaxabgoq\bjoohiubzr.exe
Creates FileC:\lzjjaxabgoq\bjoohiubzr.exe
Creates FileC:\lzjjaxabgoq\tkpznlfdvht
Creates FilePIPE\lsarpc
Creates FileC:\lzjjaxabgoq\d6vtfz
Creates FileC:\WINDOWS\lzjjaxabgoq\d6vtfz
Deletes FileC:\WINDOWS\lzjjaxabgoq\d6vtfz
Creates ProcessC:\lzjjaxabgoq\bjoohiubzr.exe
Creates ServicePeer Installer Browser Protected UPnP - C:\lzjjaxabgoq\bjoohiubzr.exe

Process
↳ Pid 808

Process
↳ Pid 852

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates Filepipe\PCHFaultRepExecPipe

Process
↳ Pid 1132

Process
↳ Pid 1208

Process
↳ C:\WINDOWS\system32\spoolsv.exe

RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝
NULL
RegistryHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝
7
RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝
NULL
RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝
C:\WINDOWS\System32\spool\PRINTERS\\x00
Creates FileWMIDataDevice

Process
↳ Pid 1848

Process
↳ Pid 1128

Process
↳ C:\lzjjaxabgoq\bjoohiubzr.exe

Creates FileC:\lzjjaxabgoq\tkpznlfdvht
Creates Filepipe\net\NtControlPipe10
Creates FileC:\lzjjaxabgoq\t6nzbxc
Creates File\Device\Afd\Endpoint
Creates FileC:\lzjjaxabgoq\ehpwpehgpmpk.exe
Creates FileC:\lzjjaxabgoq\d6vtfz
Creates FileC:\WINDOWS\lzjjaxabgoq\d6vtfz
Deletes FileC:\WINDOWS\lzjjaxabgoq\d6vtfz
Creates Processmsvnhqwybz9v "c:\lzjjaxabgoq\bjoohiubzr.exe"

Process
↳ C:\lzjjaxabgoq\bjoohiubzr.exe

Creates FileC:\lzjjaxabgoq\d6vtfz
Creates FileC:\WINDOWS\lzjjaxabgoq\d6vtfz
Deletes FileC:\WINDOWS\lzjjaxabgoq\d6vtfz

Process
↳ msvnhqwybz9v "c:\lzjjaxabgoq\bjoohiubzr.exe"

Creates FileC:\lzjjaxabgoq\d6vtfz
Creates FileC:\WINDOWS\lzjjaxabgoq\d6vtfz
Deletes FileC:\WINDOWS\lzjjaxabgoq\d6vtfz

Network Details:

DNSbelongbehind.net
Type: A
95.211.230.75
DNSlittlebroad.net
Type: A
DNSdestroybehind.net
Type: A
DNSlittlebehind.net
Type: A
DNSdestroybutter.net
Type: A
DNSlittlebutter.net
Type: A
DNSriddenunderstand.net
Type: A
DNSbelongunderstand.net
Type: A
DNSriddenbroad.net
Type: A
DNSbelongbroad.net
Type: A
DNSriddenbehind.net
Type: A
DNSriddenbutter.net
Type: A
DNSbelongbutter.net
Type: A
DNSchairunderstand.net
Type: A
DNSthoseunderstand.net
Type: A
DNSchairbroad.net
Type: A
DNSthosebroad.net
Type: A
DNSchairbehind.net
Type: A
DNSthosebehind.net
Type: A
DNSchairbutter.net
Type: A
DNSthosebutter.net
Type: A
DNSwithinunderstand.net
Type: A
DNSsufferunderstand.net
Type: A
DNSwithinbroad.net
Type: A
DNSsufferbroad.net
Type: A
DNSwithinbehind.net
Type: A
DNSsufferbehind.net
Type: A
DNSwithinbutter.net
Type: A
DNSsufferbutter.net
Type: A
DNSeffortunderstand.net
Type: A
DNSthroughunderstand.net
Type: A
DNSeffortbroad.net
Type: A
DNSthroughbroad.net
Type: A
DNSeffortbehind.net
Type: A
DNSthroughbehind.net
Type: A
DNSeffortbutter.net
Type: A
DNSthroughbutter.net
Type: A
DNSforgetunderstand.net
Type: A
DNSincreaseunderstand.net
Type: A
DNSforgetbroad.net
Type: A
DNSincreasebroad.net
Type: A
DNSforgetbehind.net
Type: A
DNSincreasebehind.net
Type: A
DNSforgetbutter.net
Type: A
DNSincreasebutter.net
Type: A
DNSwouldunderstand.net
Type: A
DNSrememberunderstand.net
Type: A
DNSwouldbroad.net
Type: A
DNSrememberbroad.net
Type: A
DNSwouldbehind.net
Type: A
DNSrememberbehind.net
Type: A
DNSwouldbutter.net
Type: A
DNSrememberbutter.net
Type: A
DNSjourneydried.net
Type: A
DNShusbanddried.net
Type: A
DNSjourneyfifteen.net
Type: A
DNShusbandfifteen.net
Type: A
DNSjourneyangry.net
Type: A
DNShusbandangry.net
Type: A
DNSjourneyarticle.net
Type: A
DNShusbandarticle.net
Type: A
DNSdestroydried.net
Type: A
DNSlittledried.net
Type: A
DNSdestroyfifteen.net
Type: A
DNSlittlefifteen.net
Type: A
DNSdestroyangry.net
Type: A
DNSlittleangry.net
Type: A
DNSdestroyarticle.net
Type: A
DNSlittlearticle.net
Type: A
DNSriddendried.net
Type: A
DNSbelongdried.net
Type: A
DNSriddenfifteen.net
Type: A
DNSbelongfifteen.net
Type: A
DNSriddenangry.net
Type: A
DNSbelongangry.net
Type: A
DNSriddenarticle.net
Type: A
DNSbelongarticle.net
Type: A
DNSchairdried.net
Type: A
DNSthosedried.net
Type: A
DNSchairfifteen.net
Type: A
DNSthosefifteen.net
Type: A
DNSchairangry.net
Type: A
DNSthoseangry.net
Type: A
DNSchairarticle.net
Type: A
DNSthosearticle.net
Type: A
HTTP GEThttp://belongbehind.net/index.php
User-Agent:
Flows TCP192.168.1.1:1031 ➝ 95.211.230.75:80

Raw Pcap
0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2062   : close..Host: b
0x00000040 (00064)   656c6f6e 67626568 696e642e 6e65740d   elongbehind.net.
0x00000050 (00080)   0a0d0a                                ...


Strings
c
3SFn
nCaEa
eSeEe
"
 
\
.
 
\
.
  
.
e
. 
00-+ .
-
-1
+-0-E-
-0
\
.
0
0
- 
000
-
.
u
                                 
2.exe
- abort() has been called
af-za
af-ZA
April
ar-ae
ar-AE
ar-bh
ar-BH
ar-dz
ar-DZ
ar-eg
ar-EG
ar-iq
ar-IQ
ar-jo
ar-JO
ar-kw
ar-KW
ar-lb
ar-LB
ar-ly
ar-LY
ar-ma
ar-MA
ar-om
ar-OM
ar-qa
ar-QA
ar-sa
ar-SA
ar-sy
ar-SY
ar-tn
ar-TN
ar-ye
ar-YE
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
az-az-cyrl
az-AZ-Cyrl
az-az-latn
az-AZ-Latn
.bat
be-by
be-BY
bg-bg
bg-BG
bn-in
bn-IN
bs-ba-latn
bs-BA-Latn
ca-es
ca-ES
Cja-JP
.cmd
.com
CONOUT$
CR6002
- CRT not initialized
cs-cz
cs-CZ
cy-gb
cy-GB
da-dk
da-DK
dddd, MMMM dd, yyyy
de-at
de-AT
December
de-ch
de-CH
de-de
de-DE
de-li
de-LI
de-lu
de-LU
div-mv
div-MV
Djjj
DOMAIN error
el-gr
el-GR
emscoree.dll
en-au
en-AU
en-bz
en-BZ
en-ca
en-CA
en-cb
en-CB
en-gb
en-GB
en-ie
en-IE
en-jm
en-JM
en-nz
en-NZ
en-ph
en-PH
en-tt
en-TT
en-us
en-US
en-za
en-ZA
en-zw
en-ZW
es-ar
es-AR
es-bo
es-BO
es-cl
es-CL
es-co
es-CO
es-cr
es-CR
es-do
es-DO
es-ec
es-EC
es-es
es-ES
es-gt
es-GT
es-hn
es-HN
es-mx
es-MX
es-ni
es-NI
es-pa
es-PA
es-pe
es-PE
es-pr
es-PR
es-py
es-PY
es-sv
es-SV
es-uy
es-UY
es-ve
es-VE
et-ee
et-EE
eu-es
eu-ES
fa-ir
fa-IR
February
fi-fi
fi-FI
- floating point support not loaded
fo-fo
fo-FO
fr-be
fr-BE
fr-ca
fr-CA
fr-ch
fr-CH
fr-fr
fr-FR
Friday
fr-lu
fr-LU
fr-mc
fr-MC
gl-es
gl-ES
gu-in
gu-IN
         (((((                  H
he-il
he-IL
HH:mm:ss
hi-in
hi-IN
hr-ba
hr-BA
hr-hr
hr-HR
hu-hu
hu-HU
hy-am
hy-AM
id-id
id-ID
- inconsistent onexit begin-end variables
is-is
is-IS
it-ch
it-CH
it-it
it-IT
ja-jp
January
jjjjj
July
June
ka-ge
ka-GE
kernel32.dll
kk-kz
kk-KZ
kn-in
kn-IN
kok-in
kok-IN
ko-kr
ko-KR
ky-kg
ky-KG
lt-lt
lt-LT
lv-lv
lv-LV
March
Microsoft Visual C++ Runtime Library
mi-nz
mi-NZ
mk-mk
mk-MK
ml-in
ml-IN
MM/dd/yy
mn-mn
mn-MN
Monday
mr-in
mr-IN
ms-bn
ms-BN
ms-my
ms-MY
mt-mt
mt-MT
nb-no
nb-NO
nl-be
nl-BE
nl-nl
nl-NL
nn-no
nn-NO
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
ns-za
ns-ZA
(null)
October
pa-in
pa-IN
pl-pl
pl-PL
Program: 
<program name unknown>
pt-br
pt-BR
pt-pt
pt-PT
- pure virtual function call
quz-bo
quz-BO
quz-ec
quz-EC
quz-pe
quz-PE
R6008
R6009
R6010
R6016
R6017
R6018
R6019
R6024
R6025
R6026
R6027
R6028
R6030
R6031
R6032
R6033
R6034
ro-ro
ro-RO
runtime error 
Runtime Error!
ru-ru
ru-RU
sa-in
sa-IN
Saturday
se-fi
se-FI
se-no
se-NO
September
se-se
se-SE
SING error
sk-sk
sk-SK
sl-si
sl-SI
sma-no
sma-NO
sma-se
sma-SE
smj-no
smj-NO
smj-se
smj-SE
smn-fi
smn-FI
sms-fi
sms-FI
sq-al
sq-AL
sr-ba-cyrl
sr-BA-Cyrl
sr-ba-latn
sr-BA-Latn
sr-sp-cyrl
sr-SP-Cyrl
sr-sp-latn
sr-SP-Latn
Sunday
sv-fi
sv-FI
sv-se
sv-SE
sw-ke
sw-KE
syr-sy
syr-SY
ta-in
ta-IN
te-in
te-IN
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
th-th
th-TH
Thursday
TLOSS error
tn-za
tn-ZA
tr-tr
tr-TR
tt-ru
tt-RU
Tuesday
uk-ua
uk-UA
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
ur-pk
ur-PK
USER32.DLL
uz-uz-cyrl
uz-UZ-Cyrl
uz-uz-latn
uz-UZ-Latn
vi-vn
vi-VN
Wednesday
xh-za
xh-ZA
zh-chs
zh-CHS
zh-cht
zh-CHT
zh-cn
zh-CN
zh-hk
zh-HK
zh-mo
zh-MO
zh-sg
zh-SG
zh-tw
zh-TW
zu-za
zu-ZA
                          
; ;$;,;@;`;
0!0&0,04090?0G0L0R0Z0_0d0m0r0x0
0$0,040<0D0L0T0\0d0l0t0|0
00050A0F0e0
0!0+0A0K0c0s0
0#0-0I0S0Z0v0
0"0-0J0Z0g0
0$0,0P0j0o0w0
0,040<0[0
0#080D0e0}0
0'090L0h0
0#090m0
0.0F0N0e0o0|0
0#0m0{0
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
0	1.272Z2s2
020?0h0
0>4>8>L>P>T>X>\>`>d>h>l>t>|>
&060z0
070F0K0[0h0
<0<7<N<V<f<v<
: :(:0:8:@:H:P:X:`:h:p:x:
0C0\0i0q0{0
0d0q0y0
0E3X3m3
:`0F-h
;0<F<P<c<
>0I0W0_0g0o0v0
0J0`0n0
0J2[2j3|3
=0=?=k=y=
0l1s1~3
?0S0s0
;0<@<Z<r<
101;1O1
1#1+10161>1C1I1Q1V1\1d1i1o1w1|1
1"1*10161>1G1N1V1_1q1
1 1$1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|1
1)11191K1S1[1{1
1$1*1=1L1R1_1i1
1$1,141<1D1L1T1\1d1l1t1|1
1$1,141;1L1T1g1w1
1*1?1J1Y1f1u1}1
1-1=1M1a1r1
1(1/1N1j1u1
1&1.1N1V1
1.161=1C1Z1
1'161>1r1
1!1B1H1
1-1D1Q1l1
1*1F1N1S1[1}1
1=1K1V1[1q1x1
1;1Z1q1
121J1h1
1*252A2I2Q2Y2t2
132:2B2
151H1P1[1g1
>(>1>7>=>C>I>O>U>[>a>k>u>{>
<1<7<^<h<n<t<
=*=1=9=E=L=U=d=m=
>1?A?L?S?o?
<'<1<;<F<N<U<^<f<|<
1I1W1f1t1
<1<N<[<v<
1P{^$W{
1Q1X1n1|1
1#QNAN
1#SNAN
-1|UIf
<1<?<X<f<
2)202>2Y2g2
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
2*222j2
2 2,232?2
2$2,242<2D2L2T2\2d2l2t2|2
2"2*262R2|2
2$2(282<2D2\2l2p2
2$2=2C2K2X2`2h2s2
2,2=2E2U2f2o2
2#2@2Q2Y2h2
2+2_2z2
2+232R2^2f2n2|2
2(252B2J2R2g2
2!252D2o2z2
2#292D2i2q2y2
2)2g2r2|2
2%2h2u2
2&2m2}2
2<2P2s2|2
2+2U2\2d2
2*323?3K3`3j3
2)3.3F3j3
2@3I3^3p3
2#3R3i3
242h2z2
	2)474A4
252=2D2[2t2
:(<2<8<L<X<z<
292A2I2g2
<$<+<2<9<@<G<N<V<^<f<r<{<
:&:2:A:
:2:b:h:q:|:
?2?=?C?Y?_?
>2>:>E>[>i>v>}>
2G2Z2j2
<'<2<^<j<
=)=2=N=
<2<:<N<U<i<o<
314>4J4W4e4q4y4
32393U3`3e3y3
3$313O3V3^3h3
3 3(303H3P3
3 3$3(303H3L3d3t3x3
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
3(3,3@3p3x3|3
3$3,343
3$3,343<3D3L3T3\3d3l3t3|3
3.3:3A3H3c3m3
3 3-3A3N3e3{3
3)3/3F3N3V3^3f3}3
3 3,3u3
3.353A3I3h3p3|3
3,3A3I3Q3`3h3
3=3a3w3
3=3G3s3~3
3(3r3~3
3*404U4j4
3%4-484@4
3'4[4o4
3$4L4u4}4
3#4U4Z4
364>4]4
:%:3:C:P:[:{:
3D3T3_3e3
;!;3;E;V;[;o;w;
3G4m4x4
>)3P %
4*434B4e4s4~4
4 4(404@4H4T4\4a4}4
4 4(40484@4H4P4X4`4h4p4x4
4 4(4;4C4K4a4l4q4~4
4$4(484<4@4D4L4d4t4x4
4#4;4q4
445I5a5~5
4)484F4e4w4~4
4)494G4M4S4l4{4
4%4A4N4
4)4E4e4p4}4
4'4G4U4s4z4
4[4k4{4
4:4s4{4
4.4X4e4p4
4.53595@5
4 5(5/5I5S5[5c5i5u5}5
4&5>5R5Z5b5r5
4.565>5F5`5r5
4.565B5O5W5_5g5o5x5
4&5b5j5
:':-:4:A:H:N:^:q:
<$?,?4?<?D?L?T?\?d?l?t?|?
=$=,=4=<=D=L=T=\=d=l=t=|=
>$>,>4><>D>L>T>\>d>l>t>|>
;$=,=4=<=D=L=T=\=d=l=t=|=
?$?,?4?<?D?L?T?\?d?l?t?|?
4E6c6|6
?	?!?4?:?@?G?P?U?[?c?h?n?v?{?
='=.=4=K=[=g=o=w=
4Q5^5g5
4S4h4|4
515>5F5N5
535A5L5e5|5
5%525<5b5
5-525:5O5d5l5t5{5
5 52595>5N5i5
5&545<5X5d5l5r5
5 5(50585@5H5P5X5`5h5p5x5
5 5$54585<5D5\5
5/5=5`5n5
5'5/5C5H5
5)585]5
5)5I5m5
5&5J5`5
5*5J5W5i5q5y5
5*5L5T5^5f5n5u5
5;5O5U5
5>5P5X5`5h5s5
5(616>6T6^6g6t6
5-656=6E6R6X6o6w6
5 6*6D6T6~6
5#6/6J6R6Z6j6p6z6
5 6B7J7
; ;5;E;O;g;
:$:+:5:<:F:N:W:_:g:n:|:
5N5d5w5
5O6W6p6v6|6
5W6_6g6
;#;5;X;`;h;q;
60B0c0i0p0
616?6X6f6r6
6!626:6
6 626>6`6n6
6 6(60686@6H6P6X6`6h6p6x6
6"6*666A6J6S6`6
6!6)6:6@6E6L6R6
6"666D6O6U6e6l6
6#6/696G6M6Y6c6k6q6
6'6?6L6W6]6k6
6'6@6N6g6u6
6$686@6H6P6T6X6`6t6
6,696A6T6\6x6
6$696f6u6}6
6:6P6v6
6;6Q6]6
6"6T6d6}6
6+71787B7[7c7
6+737?7K7S7_7
6)767A7I7N7X7g7
676P6a6n6u6
6#7_7|7
6-777V7
6+7C7Z7n7
=6=C=K=W=_=p=
<!<.<6<><C<N<V<s<
=6=c=u=
>%>6>G>
	6GaVPf
=.>6>I>T>Y>i>u>z>
6L6m697D7
6L8R8\8
6V7\7c7i7
6Y7g7~7
6Y7m7u7
70H0x0
717G7O7c7i7
757\7~7
758;8B8
767D7]7k7
7'737D7Y7g7r7|7
7 7(70787@7H7P7X7`7h7p7x7
7#777E7]7
7 7$7(7r7x7|7
7$7+7[7t7
7$7.797A7i7p7
7,7:7G7R7\7h7y7
778D8Q8Z8
7$7c7h7q7v7
7>7F7w7
7(7V7b7j7v7
787X7x7
7%8<8J8c8q8
7-8;8T8f8o8~8
7"8B8J8T8\8
7L7Q7f7|7
7-nF?\=
=/=7=O=\=z=
7-pCW&
:*:7:Q:Y:`:z:
<7=T=\=m=u=}=
7U8_8z8#9Y9
<%<7<<<U<b<x<
<%<7<V<h<z<
7W8_8g8n8v8~8
?/?8?\?
80888@8H8|8
808M8T8g8x8
859A9M9\9g9
8 8(80888@8H8P8X8`8h8p8x8
8#8)848=8J8R8_8
8$8)848G8R8^8p8z8
8!8-858=8O8h8p8y8
8&8.868S8f8
8$8-8:8[8f8
8(8.8:8@8P8X8^8f8n8z8
8 8$8E8o8
8&8.8H8g8|8
8(8<8P8c8
888X8x8
8/8B8I8V8h8t8
8$8B8N8T8`8h8p8{8
8)919D9J9Y9|9
8@9l9t9|9
8?9N9d9|9
?8?B?S?j?
>+>8>D>X>q>|>
=8>E>L>V>~>
8F9N9Z9i9u9
>8>F>a>o>w>|>
8I8U8]8f8r8
?(?8?I?V?d?x?
;8;@;j;
8S9g9A:
>*>8>Y>
="=.=9=`=
9	:%:2:J:y:
989<9@9D9H9L9P9
9*909B9X9o9u9
9*919N;
9#929@9Y9g9
9'939A9F9L9R9k9x9
9&939U9e9l9
9#959Y9
9 9(90989@9H9P9X9`9h9p9x9
9%9,919A9U9
9$9,969H9P9X9
9&9.9<9Q9[9i9
9#9+9D9~9
9(9B9Z9e9w9
9(9H9h9
9$9P9|9
9(9S9Z9b9{9
>9>A>I>
9C9H9P9w9}9
9D<H<L<P<T<X<t<|<
?$?+?9?D?P?a?o?
=$=.=9=D=Q=r=
9E9Q9l9|9
="=,=9=E=N=]=
9>:F:_:
;!;9;@;H;n;
>!>9>>>O>`>}>
:);9;Z;o;
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
address family not supported
address_family_not_supported
address in use
address_in_use
address not available
address_not_available
?%?A?I?P?_?p?
;A;J;S;`;h;
< <$<(<a<k<
already connected
already_connected
;A<Q<a<
AreFileApisANSI
argument list too long
argument out of domain
<at-<rt"<wt
August
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
.?AVerror_category@std@@
.?AVexception@std@@
.?AV_Generic_error_category@std@@
.?AV_Iostream_error_category@std@@
.?AVlength_error@std@@
.?AVlogic_error@std@@
.?AVout_of_range@std@@
.?AV_System_error_category@std@@
.?AVtype_info@@
>	?A?x?
b 6r>)R
bad address
bad_address
bad allocation
bad exception
bad file descriptor
bad_file_descriptor
bad message
 Base Class Array'
 Base Class Descriptor at (
__based(
BeginPaint
;B;N;s;x;~;
:(=B=O={=
broken pipe
<"<*<B<T<a<
= =&=+=<=B=T=Y={=
;";.;B;V;];h;q;
bWWWWj
?;?B?X?_?
<:=c=}=
>$>,>C>]>
__cdecl
CheckDlgButton
=*=<=C=J=T=Z=`=g=o=
:;:C:K:l:
;#;;;C;K;Q;_;
 Class Hierarchy Descriptor'
CloseHandle
CloseThreadpoolTimer
CloseThreadpoolWait
__clrcall
CompareStringEx
CompareStringW
 Complete Object Locator'
connection aborted
connection_aborted
connection already in progress
connection_already_in_progress
connection refused
connection_refused
connection reset
connection_reset
`copy constructor closure'
CorExitProcess
CreateEventExW
CreateFile2
CreateFileW
CreateSemaphoreExW
CreateSymbolicLinkW
CreateThread
CreateThreadpoolTimer
CreateThreadpoolWait
cross device link
=C>T>e>v>
@.data
dddd, MMMM dd, yyyy
December
DecodePointer
`default constructor closure'
 delete
 delete[]
DeleteCriticalSection
DeleteFileA
destination address required
destination_address_required
device or resource busy
directory not empty
>&>,><>D>J>Y>c>i>x>
<D<K<R<X<
DrawTextA
;:;D;X;d;l;t;{;
`dynamic atexit destructor for '
`dynamic initializer for '
__eabi
;E=c=|=
>E>\>h>
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
EnableWindow
EncodePointer
EndDialog
EndPaint
EnterCriticalSection
EnumSystemLocalesEx
? ?$?E?o?
executable format error
ExitProcess
e}$Xx}X
> ?*?>?F?
__fastcall
#fBcks
February
file exists
filename too long
filename_too_long
FileTimeToLocalFileTime
FileTimeToSystemTime
file too large
FindClose
FindFirstFileExW
FindResourceA
F*J	'T
<;<F<L<^<h<q<
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushProcessWriteBuffers
;:<^<f<n<
?>?F?N?_?g?s?
;>;F;N;x;
FreeEnvironmentStringsW
FreeLibraryWhenCallbackReturns
Friday
function not supported
>$>?>F>Y>c>j>r>|>
<"<.<<<G<
g2O3Z3j3
GDI32.dll
generic
GetACP
GetActiveWindow
GetBkColor
GetClipRgn
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetCPInfo
GetCurrentDirectoryW
GetCurrentObject
GetCurrentPackageId
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentThreadId
GetCursor
GetDateFormatEx
GetDCPenColor
GetDeviceCaps
GetDlgItem
GetDlgItemInt
GetDriveTypeW
GetEnvironmentStringsW
GetFileInformationByHandle
GetFileInformationByHandleExW
GetFileTime
GetFileType
GetFontLanguageInfo
GetForegroundWindow
GetFullPathNameW
GetGraphicsMode
GetInputState
GetKeyboardType
GetLastActivePopup
GetLastError
GetLocaleInfoEx
GetLogicalProcessorInformation
GetMenu
GetMenuCheckMarkDimensions
GetMenuContextHelpId
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMetaRgn
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetQueueStatus
GetStartupInfoW
GetStdHandle
GetStretchBltMode
GetStringTypeW
GetSystemPaletteUse
GetSystemTimeAsFileTime
GetTextCharacterExtra
GetTextCharsetInfo
GetTickCount
GetTickCount64
GetTimeFormatEx
GetTimeZoneInformation
GetUserDefaultLocaleName
GetUserObjectInformationW
GetVersion
GetWindowContextHelpId
GetWindowDC
GetWindowLongA
GlobalAlloc
GlobalFlags
GlobalHandle
GlobalSize
<.<G<r<z<
=/=<=G=W=k=s={=
`h````
"hdc jerdilbjev jbzaesfza ibyluoc givfel qcsodibz mdnuk acrj nselufjrel oagupva lfu dlferc vbyiuc wler wrbatr agnmumibni sugmajniu jiltufobmo rjfeh rcs lglijiwg bimii fczosndul nfdasz guvimolgo elrwoout qjfupjdis iahwfiu jdfi iszmep lbu lmbuv zgbitsomi volni fzm teoarji bbko aamudc btb gjfabcg inp fiilf laqle urmobet fontufjea ignufabgr pla nru obu niacforhy njcacxbead jfl zrj evzc elumbev lqloed pruyopwbe dxgojzk ana bmicozg uteefat jmmajgxis yndelsf urmosaixp jnj ymaanalo rnsiejent tzqec grwoeus ffad hcpobmuvaj jufna lapuyu mzooci kdnum ardp slla kcluft ezv plnirche qshesau gvletf delbof mgcarcjiii iacj aicc iquyobigl alph lnumaw tka fnsor lsusegs afzmozahse
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
hgf iflzaiyn lbetefdcae adwvetsaj epibco ggl zafl peiugg tbbesu oumvxabuj cutnibhmu slde jmioa xswud ionrbufg yfcurf tjufa njz bnseitnh ywceivr hlsihvroi jkaluppgu rebjegbp fruwarl bzkofh ohb buaibiagit lvpuhnc ktf uhzomijzp zrpecan jfpetpriwn ptd qbn lbpihg psji gkluevy uec xdfovno wfru kgyieebcgu gkfif ldk eirzrancl gbre ihtdijjv osfp bthizcdows ygocod oopbbel jlgaiy ylicem cmsamssab neidah cbxapcbe rcnajscu cnpaegim fftigpic pmvi jlnolnr agggu eima qdgi fcacitx noel fguezenjr ydde pnkirdcu bpj ceifpewz idgfa dgbiprkiml mjruusm ibqataxgl claat aglajiars bemsoicdte uyj gafpa uskotestdu wztebmliu erpez oufzl ovejni jue gdqojbej bbd lbuuuf lfdu ktk vgducblis jnvavoac c
<(<H<h<
`h`hhh
HH:mm:ss
HHtVHHt
host unreachable
host_unreachable
;%;@;H;P;_;g;o;w;
: :(:,:H:P:T:l:p:
=*=>=h=p=x=
;@<H<P<x<
:':/:H:P:X:l:
Ht+Ht$Ht
:':::h:v:
_hypot
identifier removed
iDjiivdis suutnes rgbukdooli iteb pnxolt ereefmasna cajebaclsu njmaepfma xksen fpjogymeu redif cdnozdeto dbgoehp jqozon numj mcjuit nkpezju nfsaulhmea qwpozd lbmiiozp cnjufb jcema asleheky nihtedyxu osizhoomr ddaju ytludhtuk zimbiod mpn brfij cbf ikfya tbxujx pdrusdur udgme zaw slta llgiwvfoft cbcisnene iiphj bgajalfzuk cxniujopaa gqoc brp coq iwrf jicgauzsh xqxulsnecs dfg pabj bbfolr ljmiijqja wcb erjeec kil dmnawlp egkgi rsqoescjao fzed abgdu dopmu gcpuf ijocyefmd giiybuvna ptevi ibubsabvpa dvgarmlob cmvoybf dmpezts jmhic yglozd immm ydn tzveu rrcujg dakbed zusp pxwixnape bvgu umzsauk ocjgocg mcaxex dfmaxcdia zbh jrbua ogtB
illegal byte sequence
inappropriate io control operation
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
interrupted
invalid argument
invalid_argument
invalid seek
invalid string position
io error
iostream
iostream stream error
:=:I:Q:]:e:m:u:}:
?I~-Q*Y!
is a directory
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocaleName
IsWindowEnabled
IsWindowUnicode
<itx<o
jA[jZZ+
JanFebMarAprMayJunJulAugSepOctNovDec
January
;";.;J;c;j;r;z;
@jd_u	
Jf=J%3
j/_j\[f;
j@j _W
jN};mN$
>J?V?f?o?
>K>a>l>
} kE$<
KERNEL32.dll
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LoadIconA
LoadLibraryExW
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
LockResource
; ;.;L;T;\;
;L;V;^;f;
L w	_4
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
map/set<T> too long
MessageBoxW
message size
message_size
>,>M>^>f>n>
MM/dd/yy
Monday
MoveFileA
MultiByteToWideChar
network down
network_down
network reset
network_reset
network unreachable
network_unreachable
 new[]
_nextafter
nfgugfwi wgves iebrjemukt pjcaphbul xeotzey pgje nosnujn cuj ovs fwonegogfu aflbu wbceorg zzs jupne gpzebtgap tebdofrfi gpbaxqj sdlovvcaa uwj ldto rmsifgtu ielm ljco buxaocusf bnij iry bzk orgruqbxee qfobejryib ilw jfigecfe cbcuolj zpeteebb opznool ybj nnoado ffoge gmsu zlluorh cibmipb gjgajcbus xynibjdof igr fuad gsgomn meniceted zbnizgcuei gebvogikre jskumwcei hxivacsbe mvr burcayjij rjmoicid rtxuj prhacbbap tfucehbfo pgb ocxqiemjr jzcum jgj uri lvl gogtogglu msze fofr jnma ddeniebdao jmmutkn yfafiamem epvi ntmoxxeluf jimpensvu udihqajoml cbni yaifpomed euelglaic sgazuaczc cgketgl yudcisqt jngelzte sicboppa jvbeqzd gjdembsi mcfu jcrefjben nsti ksoijowvgo bpim gawlig
='=@=N=g=u=
Nipgnacvdeq zozpannbu dudce ljsizsaku jrnu weoid dnbi mujje ceojb vkceot gtle jzdind ecuinius fmd mkgablqoub farfuzdnec itcbuztec agobweimv cupgasjyed bfcidn cdba jpxojpemej vgalebigzu lzvanoqibo ggelom ibsd ztiue pghelldejc potdepptei ceostic ynuruhzzu ijstonhl zsigohrdej hgj lzdep pacaoi ogjniad ujac dfmodpfo fncoke wvileuavwl rfei gacnee bvelim biabqa ppobolip ollofecws gabg gdfu btdackap jcjebluobu wjne nmsunbog ddkolll fxpompc drhip zbludxjata nmtod glfuussmon bif offc vxus ujipuxafz nemdoojrp biphi borjof egpcou bne oimgd sowbagtpo ajqtoathm skraibjdi oumo eqocnopy pjguini klnixqja ajwz coeb tprogdis joshabzdeu ijj bpmi grr sajod ltcigsqo funhicalug gwdonwvuby peoigcu kpba1
no buffer space
no_buffer_space
no child process
no link
no lock available
no message
no message available
no protocol option
no_protocol_option
no space on device
no stream resources
no such device
no such device or address
no such file or directory
no such process
not a directory
not a socket
not_a_socket
not a stream
not connected
not_connected
not enough memory
not supported
November
'N]P.NJ
(null)
:N)UV~
nzmuvgate mjz ogngingxa ngs cnur boccoc stsijf tanreal esdnuave fmdaxpraa dpcisrce sfnopn lnj rcladgoj anrfemsv gmfusrico bvesodon zfju wvdakedw lcqui rirsebnp smduecb ggfa phyoeibb gccinebz cmnoic afidoc vlbusj uebm cuvgusjpe mtjef cfcoafpefe ipjfe dmhif bkecopfmuc tjgebs dvgucldap dmxo ogqmon sffuwjg qcyam wgvu glba cpnutrdo gtkoeo ncilov lonulagfu ifseeduor gbii publufc uzotibipb som ujcsaxdba xtf gzf sbgalfpa vdd klv bunlorg bvroc vufu klfoeuanau lavsui jigpeg jbenu fotd aczaizid apq bgzigjf lkp sbxouffzoa ffjizbboua usqbefpf zgmeeioj acgnicviiz bfm cesdi ure guns ngopu oojfke lgbi ppsis mcciifz zoeeeol rgbiwlu mulleu
October
okTldu9(
`omni callsig'
operation canceled
operation in progress
operation_in_progress
operation not permitted
operation not supported
operation_not_supported
operation would block
operation_would_block
operator
orvduwyieu lececo judqif jlj iiqf cohcet bvjurlifi gtc hltacnpenh ceu qpibi jqmebmfixo vjeifonjhu pwle skwanal gfcomd eclaj fndoqmce ejocge mjhao ssleouiorc jljupym srkogvfico ptigiemjre idtci fuuj uby pebda sdjemzbi gecleuds abfsee bsqe bojsol evrvutdje zegi cnc vqgijjvupu err xnda ifuz begn llm tlnasc agdfuobar jvru bjdano xnnoeamw bsjiwj miktoopo bin flopi pjp jdlup dphut udjna cmtoictba ejddo pucconm tvmec tlmou oejrsotn lmbu mjnomaxz fmcii oauzadpip xaexliac mjlodul daov secwaa zxravsce oejp nyfatb xigoiliq vbjuli kyqovgr tlfofp leqjuvee tcju lcno pqzear dcrifsc prsipdg edgjuosnfo shaebeczap kfjafm efdtameas vbfew wdpao uyltejd abnn mxi xlae ecf gpr gcfup adzlogoxa jlus nyocanmjoz ufspumd aoouok jdcijb ilcwa ksdaz blcejl ppeogiamc ual
;(<=<O<t<
OutputDebugStringW
:O:v:~:
owner dead
P2T2X2\2`2d2h2t2x2|2
__pascal
PeekNamedPipe
permission denied
permission_denied
~pjCXf
`placement delete closure'
`placement delete[] closure'
p,~N8kU'
PostMessageA
PP9E u
protocol error
protocol not supported
protocol_not_supported
PSSSSV
__ptr64
PWWWWV
pYfY]Lv
<$<\<q<
% Q-;-e
QQSVWd
QueryPerformanceCounter
?#?/?R?
RaiseException
`.rdata
ReadConsoleW
ReadFile
read only file system
.reloc
RemovePropA
resource deadlock would occur
resource unavailable try again
__restrict
restrict(
result out of range
RtlUnwind
> >$>(>r>x>|>
Saturday
`scalar deleting destructor'
>;?S?d?l?x?
sdtu whno nvuv pcagaec mrtimdoliu lpfawcaxu nfcepsb bplilsqisg pzcilyobe tqmactl eeffhosjy zegjorwl jii zbbe zbzumwqa fsbip uoewpjeslt qfzodcbok zdl gchiddvaba dyboumsfi jdcorojga vfyuk actlenfdur mnfa nsudushv suetcu ftcivi srno bwoadetum jgwazj siwluuwd jvjuamo gid chga pgcu sygalgmui cogtabflu jismodocno qbratgbiit oyxe bjnue wcceipo gysiefj cmmat nppi ojlda oguccic caspusdiz fbfop bgiuhu qsup rjef sfadifktib ugga iaobxceqg bppui vemjaihce jypoyc skixiamf ldwom pxamieg ccg zlxuo juqlewude bonbu uqgra kogfub larza ofo hlpelm jmcig oprcos cnvug btb jnbuu pttawgce scs lcjobpc evfpebljos jscolgb nkdofdga conqaea szgaeba afugtuhicb fsgufesc omwjiwj xijdetzfa eijl jwg nspoacxxe
SendMessageA
September
SetDefaultDllDirectories
SetDlgItemTextA
SetEndOfFile
SetEnvironmentVariableA
SetFileInformationByHandleW
SetFilePointer
SetFilePointerEx
SetFocus
SetLastError
SetStdHandle
SetTextAlign
SetTextCharacterExtra
SetTextColor
SetTextJustification
SetThreadpoolTimer
SetThreadpoolWait
SetThreadStackGuarantee
SetUnhandledExceptionFilter
SetWindowTextA
s^>HKLVG
ShowWindow
SizeofResource
sLK	u5
SSPQSW
state not recoverable
__stdcall
stream timeout
`string'
string too long
Sunday
SunMonTueWedThuFriSat
,SVWj0X
SVWjA_jZ+
?S?X?q?~?
system
SystemTimeToTzSpecificLocalTime
;-;;;T;[;
~';_t|%3
< t8<	t4
t&9=$	D
=T=\=d=
TerminateProcess
text file busy
t!=fff
tflua tgofanmbim mgce tnwifuct ebgbogddol ozuepdubll xmnocvvo sklis sdeapetl hrtohz getr dwro mdiipa nximu vbg jfbiml ddnemgc lgtaverjiv cmbojca zosofenjic vpfusfgoe ewpmily ennciul fejgottc mbticdodoj asizuij mroja llpul vntizrfi efyle sdjoljs jermefuvs jmgunivwi zgi wjxejinbop jidgebrs gqfo hkfo kzxo fcr bezagebml negajoe usa bjnilgnin ptguibt lojvandaje vrfovahfo bbcoapljo jvlasud ojatberkni waiya sdmixs fwke acrnafl oucisbamtx temcolv tatciaf myvesfpaf c
+t"HHt
tHHt*Ht#
__thiscall
!This program cannot be run in DOS mode.
Thursday
timed out
timed_out
tjjDh_#
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
tmporeou pbl valdarpwur aslfulwedo sljumnfaid useneseejm kjfiu snz esduf nzsejg wsbe ggda fpl pgborptog iils ptrovffo ieddzuv edoijro bigkesmzum lsojo eyhceiu obadeaiur otehuterld unjjuladru foebvo gmra ezams uquyrev fssuofulic kretor udfmaffdam ueszdub bjbuxxba ckdu bpdejz bjc ssvavjgif pmbarrlos icmgiuued gavcep ddziniexp njuvuigpf zghetpro mkgueoamnf rnne ffjifuqfu crbir amstordvea ijvrutin jmewojld uxcusuwpsa updjeistfa ovbqirkl bftatzfueb kmnulig nlibofj lddopqfi aaef dejuc jjrenznu alpaovemjl dvjoiblf lfiuisac jvhodim zgo jxreimudm bfafaigodm dgle buccef efjimub bgekobu scneywego yelesudcq zfgo uzwbiui gpeor spodecldou bnmipjfal uggko ncipuvi bmP
tnhozyhau buojsazzp voy mwgaopzig tvcaa bezp ewmhezgsel vfzewfqoe gjsouebjf cusvamub colnosff frjeocd jumret hndi ugf cplol nsvu pddo guvp qnnugbej zadko jinsipad nffufnfuzs bvsi dyxulcud abc ufcgeecvr cjn nfzuzj najwus ubeniag llm iklwefhla blvakvfu lmfi gzdigfr eup urrpirsvef bgnolatc ilgicatd ujkbor djtix sdrebmyum jsbaoz adylewj dnyepgni gqviosz udgsavgnu fhtugzr pwcuo nbu oic ghcuhcjaqn roqdaqfix yjmucd ijwwa kilmesi hgradia czlevibna oxnbe iejjgaig cidb lsusi zbnuxle pavou ujdfohspe axtdumcqu fjo lrmod aef sfminufzio fjjowsyati dfpep ordkuy suektaa fzutus iecl zgut edp pndift aglset ddmaiot glifozox eiffxe cozn
too many files open
too_many_files_open
too many files open in system
too many links
too many symbolic link levels
-[;ttVf
Tuesday
;t$,v-
 Type Descriptor'
`typeof'
uaPPPS
?:uBGW
uBjAYjZ+
`udt returning'
ueuf sasac lbkie zmtaauijfk bzbaet dtbau fvce xetapi cfzi djji oprsekz oooxjq vjaubevfne dgesejij sddifg wxodirulle gnzivolv jpdidnkom upspemmci czc uvuggofrib cqvi ydfigir zlderjesef ttcouxrb pafjo nrhamuevdu qmma puzmiggrie jxjuqbnuf cgpafxdonp soie lrueueimob ffixeii osmlala mscog ipbg lfcinff gpf snusi ipd osjvelj pavzebdo zbgathl jtenit dcb mjwugegtu dcvisiubx qiml pfvuuduuj xdzaeuzdej jcuyojpj otghijvec kinr aajkpummdi fjcixudg ocnl ygnifzcarf fenube piec mddo uqrvi gsgorenpio kjzoq agpcunlp bkdi lyqoj gdd siuegpef xmmofjtof vpv dpmabgbofl jiob rvtirfbua mplald tiblejjesu edmdi fcgo dju cundohl tmzubxraba gtfuldwu nldapou jlzoebc nlgebubnaq slvikbniaa pvauzig ryma lieexbu oeepvlef ggr
>">(>:>U>k>
uLPPPh
:&:U:]:n:
__unaligned
UnhandledExceptionFilter
UNICODE
unknown error
Unknown exception
uN|uwN
UpdateColors
UQPXY]Y[
URPQQh
USER32.dll
UTF-16LE
value too large
`vbase destructor'
`vbtable'
`vcall'
__vectorcall
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
vector<T> too long
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
:=;v; <(<F<R<
`vftable'
`virtual displacement map'
v	N+D$
:V;#<R<[<
VWh<|C
}w8@oI
WaitForThreadpoolTimerCallbacks
Wednesday
WideCharToMultiByte
WindowFromDC
Wj0XPV
WriteConsoleW
WriteFile
wrong protocol type
wrong_protocol_type
: :@:X:
X0`0v0
xppwpp
?'?/?X?p?v?}?
xpxxxx
;:;X;x;
<><Y<}<
Y;5X	D
YY_^[]
Y.*&yR
Z&\Qm@
z&y\:b@b